CN103403730A - Secure access to personal health records in emergency situations - Google Patents


Info

Publication number
CN103403730A
CN103403730A
Authority
CN
China
Prior art keywords
secret
user
key
hardware token
data
Prior art date
Legal status
Granted
Application number
CN2012800071701A
Other languages
Chinese (zh)
Other versions
CN103403730B (en)
Inventor
S·L·基奥
M·阿希姆
S·S·库马尔
P·J·勒努瓦
Current Assignee
Koninklijke Philips NV
Original Assignee
Koninklijke Philips Electronics NV

Classifications

CPC leaf codes (under G06F21/00, G06F2221/00, H04L9/00, H04L63/00 and H04L2209/00):

    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/1014 Protecting distributed programs or content by binding digital rights to specific entities, to tokens
    • G06F21/107 License processing; Key processing
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • H04L63/0428 Confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0807 Authentication of entities using tickets, e.g. Kerberos
    • H04L63/0876 Authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/123 Applying verification of the received information: received data contents, e.g. message integrity
    • H04L9/0897 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage, involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • G06F2221/2137 Time limited access, e.g. to a computer or data
    • G06F2221/2153 Using hardware token as a secondary aspect
    • H04L2209/88 Medical equipments

Abstract

A system including a server system, a user terminal and a hardware token, for providing secure access to a data record. The server system comprises storage means (1) for storing a plurality of data records, a data record (2) having associated therewith a sequence of secrets (14) shared with a hardware token (60) corresponding to the data record (2), the server system (100) further being arranged for storing user authentication information (3). User authenticating means (10) are provided for receiving authentication credentials (11) of a user from a user terminal (200) and authenticating the user as an authorized user, based on the authentication credentials (11) of the user and the stored authentication information (3). Secret-receiving means (9) are provided for receiving a representation of a secret (13) revealed by a hardware token (60) and information identifying the data record corresponding to the hardware token from the terminal. Marking means (12) are provided for marking the unused secret (s3) as used.

Description

Secure access to personal health records in emergency situations
Technical field
The invention relates to providing secure access to a data record.
Background
There is a growing demand for systems that manage health-related or medical data. Diagnosis reports, prescriptions, medication records and the like from different hospitals or clinics can be stored securely and made easily accessible to the user. Such health data management applications can be used, for example, by patients with chronic diseases and by elderly people who tend to forget things and need help managing their health records. The concept of a personal health record (PHR) that is managed by the user has recently been proposed. A PHR can be used to store the user's health data and to control access to it. Electronic medical records (EMR) and electronic health records (EHR) from hospitals can be imported into the user's PHR, so that the user's health data can be accessed from anywhere an internet connection is available.
By default, only the user is granted access to the PHR. The user may, however, also define an access control list (ACL) or another access control mechanism. For example, Julien Künzi, Paul Koster, Milan Petkovic, Emergency Access to Protected Health Records, in K.-P. Adlassnig et al. (Eds.): Medical Informatics in a United and Healthy Europe, MIE 2009, IOS Press, 2009, pp. 705-709, hereinafter referred to as Künzi et al., discloses granting access to the user's family members and relatives. Elderly people can also delegate the management of their medical records to a more capable family member by granting that person full permissions. In an emergency, however, when a physician or ambulance crew wants to treat a user who has lost consciousness, such predefined access control policies fall short. The user cannot supply a password, and the access control policy may not allow unauthorised individuals to access the data, so the emergency physician and the ambulance crew cannot access the user's PHR. Yet it would be useful if some background information about the user's health status were available while the user is being treated in an emergency. Research shows that many fatal mistakes could be avoided if physicians had access to information about the patient before emergency treatment.
Künzi et al. discloses that the emergency physician sends an access request indicating that it is an emergency override. If the requesting entity has the appropriate authority, that is, if the requesting entity is a medical practitioner, access is granted and subsequently logged. The access log is then used for a post-access audit to judge whether the access to the user's health data was legitimate. If the emergency override was malicious, however, such a mechanism does not help, because the user's privacy with respect to the health data has already been violated. In essence, an audit is not a preventive measure that stops malicious access to the PHR.
In an emergency the user is unconscious and cannot provide the password with which the PHR could be accessed. This creates a need for emergency access to the user's PHR. Yet the PHR server has difficulty distinguishing a genuine emergency from a malicious attempt to access the PHR, because in both cases the user is unavailable.
"Implementing Security And Access Control Mechanisms For An Electronic Healthcare Record", Frank K. Uckert et al., AMIA 2002 Annual Symposium Proceedings, discloses a system in which the user can provide read access to an emergency subset of his EHR by enabling and defining that subset in his record. When this feature is enabled, an emergency TAN is created. The combination of the web address, the user name and this emergency TAN is printed on a small wallet card, which the patient carries so that others can use it when an emergency happens to the patient. With the TAN (transaction number), the user can give anyone access, for a single session only, to parts of his record. The principle of the TAN is similar to the one known from internet banking: after being used once, the TAN expires. A new TAN can be generated whenever needed.
Summary of the invention
It would be advantageous to have an improved system for providing secure access to a data record. To better address this concern, a first aspect of the invention provides a server system comprising:
a storage module for storing a plurality of data records, a data record having associated therewith a sequence of secrets shared with a hardware token corresponding to the data record, the server system further being arranged for storing authentication credentials of a plurality of users;
a user authentication module for receiving authentication credentials of a user from a user terminal and authenticating, based on the user's authentication credentials, that the user is a user of the server system;
a secret receiving module for receiving from the terminal a representation of a secret revealed by a hardware token and information identifying the data record corresponding to the hardware token;
a matching module for matching the representation of the secret against an unused secret in the sequence of secrets associated with the data record corresponding to the hardware token;
an access granting module for granting the user access to at least part of the data record corresponding to the hardware token if the representation of the secret matches the unused secret and the user has been authenticated as a user of the server system; and
a marking module for marking the unused secret as used.
The server system can provide improved security. The user authentication module ensures that only authorised individuals can obtain access to the data record. For example, only emergency personnel are issued authorisation credentials (optionally, credentials that are valid only while the emergency personnel are on duty). In addition, the secret receiving module and the matching module identify the data record and provide evidence that the user has a professional need to access this data record, because otherwise the user would not have the hardware token carrying the representation of the secret. The combination of user authentication and the representation of the secret received from the hardware token provides improved security, because without user authentication anyone who finds or steals the card could access the data record.
Because the hardware token can produce representations of a sequence of secrets, the hardware token can be used multiple times. Each secret permits only a single access to the data record, because only unused secrets are valid.
The server system may comprise a communication module for placing an automatic call to, or sending a message to, a mobile phone or mobile terminal of the individual associated with the hardware token before the access granting module grants the user access, wherein the communication module is arranged to enable the individual to refuse the grant of access. For example, the individual can refuse the grant of access by pressing a button on the phone during the automatic call or by sending a reply message. In this way the system tests whether the individual is conscious. If the individual does not answer the call or does not reply to the message, which may be because the individual is unconscious, the system will grant access to the data record.
The access granting module may comprise an encryptor for encrypting at least part of the data record using a key based on a value received from the user terminal, and for sending to the user terminal the encrypted data together with information for computing the key from the value. In this way it can be ensured that only that user terminal can decrypt the data.
Access granted to at least one of the data records may be limited in time. This prevents the data record from still being viewed after the emergency situation has ended.
The representation of the secret may comprise an encryption of the secret, the encryption may be based on a key, the key may be part of a hash sequence, and the position of the secret in the sequence of secrets may correspond to the position of the key in the hash sequence. In this way each secret in the sequence is encrypted differently. The token and the server system may use the same sequence of keys. The server system does not need to store the whole sequence of encryption keys, because they can be recomputed from the hash sequence.
The server system may comprise a data transmission module arranged to send to the user terminal the key in the hash sequence corresponding to the position of the secret in the sequence of secrets. By applying the hash function, the user terminal or the hardware token can compute one or more other keys in the hash sequence. The user terminal or the token can compare these computed values with stored values. For example, the last key of the hash chain is stored on the hardware token before the hardware token is issued. This provides a way of verifying the server, or a way for the terminal to check that the correct data record has been obtained.
In another aspect, the invention provides a hardware token. The hardware token can be used together with a user terminal that communicates with the server system set forth. The hardware token may comprise a secret providing module for providing a representation of a secret, wherein the representation of the secret comprises an encryption of the secret, the encryption being based on a key, the key being part of a hash sequence, and the position of the secret in the sequence of secrets corresponding to the position of the key in the hash sequence, the secret providing module being arranged to provide the representations in reverse sequential order. The sequence of representations can be stored on a storage module of the hardware token.
In another aspect, the invention provides a user terminal for use together with the server system. The user terminal comprises:
a secret receiver for receiving a representation of a secret revealed by a hardware token and information identifying the data record corresponding to the hardware token;
a credential receiver for receiving authentication credentials of a user;
a value generator for generating a value;
a transmitter for sending to the server system the user's authentication credentials, the representation of the secret revealed by the hardware token, the information identifying the data record corresponding to the hardware token, and the generated value; and
a data receiver for receiving from the server system at least part of the content of the data record in encrypted form, and for receiving key data from the server system;
a key computation module for computing a key based on the value and the key data; and
a data decryptor for decrypting at least part of the content of the data record based on the key.
The user terminal provides improved security by means of the user credentials and the secret from the hardware token. Moreover, the data record is protected by encryption without the key having to be sent over the network.
The secret receiver may comprise a token reader for obtaining the representation or the information electronically from the hardware token.
A system for providing secure access to a data record may comprise the server system, a plurality of hardware tokens and a plurality of user terminals. The hardware tokens may be carried by individuals (e.g. potential patients), and the user terminals may be carried or used by users (e.g. emergency personnel). When an individual needs help but cannot provide the access details of his or her personal health record, the emergency personnel can connect the hardware token to the terminal, and the terminal can send the representation of the secret to the server system; the emergency personnel authenticate themselves to the server system and obtain access to the emergency part of the individual's personal health record. The next time the individual needs emergency assistance, the hardware token can generate the next representation of a secret.
In another aspect, the invention provides a method of providing secure access to a data record. The method comprises:
storing on a server system a plurality of data records and authentication credentials of a plurality of users, a data record having associated therewith a sequence of secrets shared with a hardware token corresponding to the data record;
receiving authentication credentials of a user from a user terminal and authenticating, based on the user's authentication credentials, that the user is a user of the server system;
receiving from the terminal a representation of a secret revealed by a hardware token and information identifying the data record corresponding to the hardware token;
matching the representation of the secret against an unused secret in the sequence of secrets associated with the data record corresponding to the hardware token;
granting the user access to at least part of the data record corresponding to the hardware token if the representation of the secret matches the unused secret and the user has been authenticated as a user of the server system; and
marking the unused secret as used.
In another aspect, the invention provides a computer program product comprising instructions for causing a processor system to perform the method set forth.
It will be apparent to those skilled in the art that two or more of the above-mentioned embodiments, implementations and/or aspects of the invention may be combined in any way deemed useful.
Modifications and variations of the server, the user terminal, the hardware token, the method and/or the computer program product, corresponding to the described modifications and variations of other aspects of the invention, can be carried out by a person skilled in the art on the basis of the present description.
Brief description of the drawings
These and other aspects of the invention will be apparent from and elucidated with reference to the embodiments described hereinafter. In the drawings,
Fig. 1 is a block diagram of a system for providing secure access to a data record;
Fig. 2 is a block diagram of a user terminal used in the system;
Fig. 3 is a flow chart of a method of providing secure access to a data record; and
Fig. 4 is a diagram showing another view of a system for providing secure access to a data record.
Description of embodiments
This section describes an embodiment of a system that can be used in an emergency, for example when an individual loses consciousness because of an accident or cardiac arrest, to provide access to the individual's medical records. The individual carries a hardware token (also called a data tag below), which the individual treats much like a credit card. The information stored on the hardware token is kept secret. The hardware token may store the secret information in electronic form, so that the information is exposed only when the token is connected to a token reader. Alternatively, the information may be visible, so that an individual who needs access to the data record can copy it into the terminal. When the user loses consciousness, the physician can take the hardware token and use the information on it to request one-time emergency access to the individual's personal health record stored on the personal health record (PHR) server. If the data tag is stolen or lost, the user can report the loss and block the hardware token on the server, thereby preventing any emergency access to the PHR.
As a countermeasure against theft, possession of the data tag does not by itself mean that the requesting entity has emergency access to the user's PHR. A policy is defined in the PHR server that allows only a practitioner or healthcare provider to trigger emergency access with the information from the data tag. Likewise, a physician without the information from the data tag is not authorised to initiate emergency access.
Furthermore, based only on a key from a hash chain known to the user and the PHR server, and on a secret from the physician, the hardware token can provide the emergency physician with a one-time session key for accessing the user's PHR. The physician can also verify whether the PHR received from the PHR server is genuine and corresponds to the user's identity.
Fig. 1 shows a system comprising a server system 100, a user terminal 200 and a hardware token 60. The system can be used to provide secure access to a data record 2. The server system 100 can be implemented using a plurality of computers and storage media. On a smaller scale, the system can also be implemented on a single computer. Other implementations will be apparent to the skilled person in view of this description.
The storage module 1 of the server system can be configured to store a plurality of data records, for example personal health records. The figure schematically shows one data record 2. Each data record 2 for which emergency access is enabled may have a corresponding hardware token 60, the corresponding hardware token being carried by the individual to whom the data record 2 relates. Such a data record 2 may also have associated therewith a sequence of secrets 14 that is shared with the hardware token 60 corresponding to the data record 2. In the figure, four secrets s1, s2, s3, s4 of the sequence of secrets 14 are shown by way of example.
The server system 100 can further be arranged to store user authentication information 3. Such user authentication information may comprise an access control policy. The users referred to may be physicians or rescue service personnel or other persons who have a legitimate reason for, or are authorised to, access this data record.
The server system 100 may further comprise a user authentication module 10 for receiving authentication credentials 11 of a user from the user terminal 200. The user authentication module 10 typically decides, based on the received authentication credentials 11 and the stored authentication information 3, whether the user at the terminal 200 may access emergency data of the data records stored in the server system 100. That is, the user authentication module is arranged to authenticate the user as an authorised user. The authentication module 10 may for example be arranged to perform role-based access control or attribute-based access control based on a stored access control policy. Role-based and attribute-based access control are known in the art as such. As discussed below, such a policy in the server system 100 may allow a user having a particular set of attributes associated therewith to access the data record only when the user provides the appropriate secret information 13 obtained from the hardware token 60. The secret information 13 may be read from the hardware token 60 by the terminal 200 under the control of the user and forwarded to the server 100.
The server system 100 may further comprise a secret receiving module 9 for receiving the representation of the secret 13 from the terminal 200. The terminal 200 may be arranged to read the secret 13 from the hardware token 60 of the individual to whom the data record 2 relates. In addition, information identifying the data record corresponding to the hardware token may be received. This latter information may be included in the secret, or it may be separate data obtained from the token or elsewhere.
The server system 100 may further comprise a matching module 7 for matching the representation of the secret 13 against an unused secret in the sequence of secrets associated with the data record 2 corresponding to the hardware token 60. In the figure, s1, s2 and s3 are unused secrets and s4 is a used secret. For example, the matching module 7 may match the received representation of the secret 13 against the last unused secret s3 in the sequence of secrets 14.
The server system 100 may further comprise an access granting module 6 for granting the user access to at least part of the data record 2 corresponding to the hardware token 60 if the representation of the secret 13 matches the unused secret s3 and the user has been authenticated as an authorised user. If these two conditions are not both satisfied, the access granting module 6 refuses access to the data record 2.
The server system 100 may further comprise a marking module 12 for marking the unused secret s3 as used. In this way the system keeps track of which secrets are still unused (e.g. s1 and s2). Only representations 13 of unused secrets can be used to obtain access to the data record 2.
The server system may comprise a communication module 8 for placing an automatic telephone call or sending a message to a mobile terminal 50 (for example a mobile phone) of the individual associated with the hardware token 60. For example, the communication module 8 may comprise communication hardware of the kind found in mobile phones, or be connected to a network containing such hardware. The communication module 8 is allowed to perform its task before the access granting module 6 grants the user access. The communication module 8 may perform two-way communication. If the communication module 8 receives an appropriate return signal from the mobile terminal 50, it may send a signal to the access granting module 6 indicating that the access granting module 6 should refuse access to the data record 2. The mobile terminal 50 comprises a user interface enabling the user to send such a signal, for example a DTMF tone or an SMS message.
Server system 100 may comprise an encryptor 5 for encrypting at least part of the data record 2 using a key based on a value received from the user terminal. This value may be sent from the user terminal together with the representation 13 of the secret. Server system 100 may further include a data transmission module 4 for sending the encrypted data, together with information for computing the key from that value, to the user terminal. The data transmission module 4 may send the entire accessible part of the data record to the terminal 200, and the terminal 200 may contain software enabling the user to browse the data. Alternatively, the data transmission module 4 may comprise a web server that sends those elements of the data record 2 that the user requests via the terminal 200 and a web interface. The sending module 4 need not rely on the key computation described above. Instead, or in addition, SSL and/or HTTPS encryption or other data protection protocols may be employed, for example.
Server system 100 may be arranged to allow access to the data record 2 only for a limited period after receiving the representation 13 of the secret. For example, access may be allowed only during a single session and/or during a predetermined period, for example only one hour. Alternatively or additionally, the data record 2 is sent to the user terminal 200 only once, or only a predetermined number of times.
The representation 13 of the secret may comprise an encryption of the secret (for example an encryption of s3). The encryption is based on a key, and this key may be part of a hash sequence. A hash sequence is a sequence in which each successive element is obtained by applying a hash function to the previous element. The position of the secret in the secret sequence corresponds to the position of the key in the hash sequence. That is, each successive secret is encrypted with the next key in the hash sequence. In this way, when the keys are exposed one by one starting from the last key of the hash sequence and working backwards, it is hard for an attacker to recover the secrets that have not yet been exposed. The reason is that the hash function is a one-way function.
Fig. 1 also shows the hardware token 60 used together with the user terminal 200 that communicates with the server system 100. The hardware token 60 comprises a secret provider module 61 for providing the representation 13 of a secret to the terminal 200. The representation 13 of the secret may comprise an encryption of the secret. The encryption may be based on a key, the key may be part of a hash sequence, the position of the secret in the secret sequence may correspond to the position of the key in the hash sequence, and the secret provider module may be arranged to provide the representations in reverse sequential order.
The hardware token may comprise a verifier 62 arranged to receive the key with which the encryption of the secret was generated. This key is referred to as the "received key". The received key may be sent from the server system 100 to the terminal 200 and forwarded by the terminal to the hardware token 60. The verifier 62 may apply the hash function to the received key, thereby generating a processed key. The processed key may be compared with a stored value, or it may be subjected to further processing steps. The stored value is based on another key in the hash sequence. After the comparison, the result is sent to the terminal. If the comparison does not yield a match, the terminal may raise an error, because there is a mismatch between the data record on the server system and the information on the hardware token.
Fig. 2 shows a possible user terminal 200 for use with server system 100. The terminal of Fig. 2 may be arranged to perform the task of the verifier in the hardware token. In that case the hardware token need not perform the check. Likewise, if the hardware token does have a verifier 62, a simpler terminal in which the verifier 204 is omitted may be used. Terminal 200 may be implemented with PC hardware, or with different hardware and suitable software. Throughout the drawings, like reference numerals denote like objects. User terminal 200 may comprise a secret receiver 205 for receiving the representation of the secret exposed by the hardware token 60 and the information identifying the data record corresponding to the hardware token 60. User terminal 200 may further comprise a credential receiver 206 for receiving the user's authentication credentials. The credential receiver 206 may be based on, for example, a user interface element allowing the user to enter a username and password. In addition, combining the username and password with a hardware token associated with the user (not the hardware token 60 corresponding to the patient's data record) makes strong authentication of the user possible.
User terminal 200 may further comprise a transmitter 201 for sending the user's authentication credentials, the representation of the secret exposed by the hardware token 60, and the information identifying the data record corresponding to the hardware token 60 to the server system 100. When the server system 100 grants access to the data record 2 on the basis of the information provided, the content of the data record 2 may be sent to the user terminal 200 in encrypted form. Likewise, verification of the server and/or a check that the server system 100 has found the correct data record 2 may be performed, as follows.
User terminal 200 may comprise a data receiver 202 for receiving at least part of the content of the data record in encrypted form from server system 100, and for receiving key data from server system 100. This key data may be forwarded to a verifier 204, which is arranged to apply a hash function (once or several times) to the received key data and to perform optional further processing steps to obtain a processed key, and to compare the processed key with a value received from the hardware token 60 for this purpose. This value may be based on a key further along the hash sequence. Based on this comparison, the verifier 204 determines whether the server system 100 and/or the data record 2 are genuine.
User terminal 200 may comprise a data decryptor 203 for decrypting at least part of the content of the data record based on the key data. The data decryptor 203 may be configured to decrypt the content of the data record only when the verification by verifier 204 succeeds.
The secret receiver module 205 may comprise a token reader 207 for obtaining the representation and the information electronically from the hardware token 60. For example, the token reader 207 comprises a smart card reader and the hardware token 60 comprises a smart card.
A fully protected access system can be built from the server system, hardware token and user terminal described, where the verifier may be implemented either in the user terminal or in the hardware token.
Fig. 3 shows a method of providing secure access to a data record. The method may be implemented in software, which may be stored on one or more storage media for distribution over a server system, one or more user terminals and one or more hardware tokens.
The method may comprise step 301: storing a plurality of data records and storing user verification information, a data record having associated with it a secret sequence shared with the hardware token corresponding to that data record.
The method may comprise step 302: receiving a user's authentication credentials from a user terminal and verifying, based on the user's authentication credentials and the stored verification information, that the user is an authorized user.
The method may comprise step 303: receiving from the terminal a representation of a secret exposed by a hardware token and information identifying the data record corresponding to the hardware token.
The method may comprise step 304: matching the representation of the secret against an unused secret of the secret sequence associated with the data record corresponding to the hardware token.
The method may comprise step 305: if the representation of the secret matches the unused secret and the user has been verified as an authorized user, granting the user access to at least part of the data record corresponding to the hardware token.
The method may also comprise step 306: marking the unused secret as used.
The use of a hardware token such as a data-label smart card (containing emergency redemption tokens) can give a healthcare provider access to a user's PHR in an emergency. As an example, the following features may be realised:
- The data label contains the access information required to access the health record.
- The information on the card can be updated without destroying or invalidating your record.
- The protocol includes a check of the medical credentials of the party requesting the information.
- The protocol ensures that access to the record is valid for a single session only.
An exemplary embodiment may comprise one or more, or all, of the following elements:
- The PHR server establishes the association between the user and the redemption tokens by generating a hash chain. The redemption tokens are encrypted and stored on the smart card together with the pseudo-secret.
- A doctor can authenticate himself to the PHR server, and his credentials should satisfy the policy defined by the PHR server for enabling emergency access.
- The doctor, or the user terminal the doctor uses, generates a secret x locally and provides it to the PHR server together with the pseudo-secret (ps) and the i-th redemption token (rk_i).
Emergency access is granted to the doctor only when he holds the user's smart card; evidence of this is produced by providing both the pseudo-secret and the redemption token.
- The scope of a particular redemption token is limited to a particular emergency session: a different redemption token (rk_i) is used for each emergency session. The i-th redemption token can only realise access for the i-th emergency session and is invalid afterwards, even if the doctor later attempts to use it again. This prevents the doctor from exploiting emergency access to the user's PHR in the future and protects the user's privacy effectively.
- At the same time, the PHR server can initiate an automatic telephone call to the user to determine whether the user is currently in an emergency. If the user does not answer, it can be assumed that the user really is in an emergency.
- After confirming the redemption token and the pseudo-secret of the user (here in fact the individual), the PHR server returns, over a securely verified channel, the (i-1)-th key K_{i-1} of the hash chain K_1, K_2, ..., K_n; this secret is then combined with the doctor's own secret x to generate a one-time secret z for decrypting the user's PHR or a subset of it.
- The PHR server returns the PHR encrypted with z, and access to the PHR can be limited in time. In this case, the original password or secret with which the user accesses the PHR is not exposed to anyone.
Fig. 4 shows a more detailed example of an embodiment of the invention. These details are described here by way of example only, and can be applied separately or in combination to the system of Fig. 1 and Fig. 2 and the method of Fig. 3. The figure schematically shows a potential patient 451. Also shown is a smart card 452, which is an example of a hardware token. The figure further shows a PHR server 453 and a user terminal 454 (usually operated by a doctor). Numerals 401-414 denote the data flows associated with certain processing steps.
A. Secret initialization (step 401)
When the user registers a PHR account, he obtains a pseudo-secret from the PHR server. The PHR server first selects a random number K_1 as the first key of the hash chain [5]. The hash function is applied to this key to compute the next key of the hash chain. This process is repeated n-1 times to generate the hash chain, as follows:
K_1 → K_2 = H[K_1] → K_3 = H[K_2] → ... → K_n = H[K_{n-1}]
The hash chain has a one-way property: given K_n, it is computationally infeasible for an attacker to derive K_{n-1}. The hash chain is unique for each individual and serves as the identifier of the user's PHR. The keys of the hash chain can be used to determine the authenticity of the user's PHR. The hash chain is used in reverse order, and K_n is designated as the user's pseudo-secret.
In addition to the hash chain, the PHR server generates n redemption tokens X_1, ..., X_n, for example random numbers, and encrypts them with the keys of the hash chain in the following way:
E_{K_{n-1}}(X_n), E_{K_{n-2}}(X_{n-1}), ..., E_{K_1}(X_2)
A redemption token is a secret shared between the user's hardware token and the PHR server. Because of the encryption, a doctor who uses a redemption token cannot decrypt it, which prevents replay. Because each token is encrypted with a key from the key chain that is known only to the PHR server, an attacker can neither create new tokens nor modify tokens.
A data label (i.e. hardware token), which may contain the pseudo-secret key in plaintext form, the URL for accessing the PHR server and the encrypted redemption tokens, is sent to the user together with a cover letter advising the user to carry the data label at all times.
B. Triggering emergency access
In an emergency, the doctor and the PHR server may perform some or all of the following steps in order to release the PHR data to the doctor:
- Step 402: the doctor queries the data on the data-label smart card.
- Step 403: the data-label smart card returns the pseudo-secret K_n and the i-th redemption token rk_i = E_{K_{i-1}}(X_i). The pseudo-secret serves as the identifier of the user's PHR, while the redemption token allows emergency access to the doctor. The next time the doctor queries the smart card, a new redemption token, namely E_{K_{i-2}}(X_{i-1}), is issued together with the pseudo-secret K_n.
- Step 404: the doctor authenticates to the PHR server, for example using a username and password, a SAML token, a PKI certificate, etc.
- Step 405: the PHR server performs the verification and returns a message to the doctor indicating verification failure or success.
- Step 406: after successful verification, the doctor generates a random secret x locally.
- Step 407: after generating this secret, the doctor sends the pseudo-secret (ps = K_n), the redemption token (rk_i = E_{K_{i-1}}(X_i)) and the random secret x to the PHR server.
- Step 408: based on the received pseudo-secret, the PHR server selects the user's corresponding hash chain and traverses the hash chain to obtain K_{i-1}. It then decrypts the redemption token with K_{i-1}, and the PHR server ensures that this token has never been used before; otherwise the PHR server aborts the session and does not release the patient's PHR data.
- Step 409: the PHR server may also place an automatic call to the user to determine whether the user is in an emergency; if the user indicates that there is no emergency, the emergency access request is aborted immediately.
- Step 410: if it is established that there is an emergency, the PHR server generates the one-time secret key z = x + K_{i-1}.
- Step 411: the PHR server then encrypts the user's PHR with the secret key z.
- Step 412: the PHR server sends the encrypted PHR together with the key K_{i-1} to the doctor (for example, the key may be sent as part of an Internet key exchange protocol).
- Step 413: the doctor's terminal, which also knows x and K_{i-1}, can likewise compute the one-time secret z. Before doing so, however, the doctor can ensure that the K_{i-1} received from the PHR server is genuine and corresponds to the user's identity, so as to be sure of obtaining the correct PHR. The doctor's terminal can repeatedly apply the hash function to K_{i-1} and to the resulting hash values until it arrives at K_n, where K_n can be regarded as the user's pseudo-secret. This is a way of authenticating the PHR server, because only the PHR server knows the complete hash chain H[K_{i-1}] → ... → H[K_{n-1}] = K_n.
- Step 414: the doctor decrypts the PHR data with the output of step 413.
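The enrolment of section A and steps 402-414 above, run end to end in Python as an added example; it is not code from the patent or from any Philips implementation. It assumes SHA-256 for H, a toy SHA-256/HMAC stream cipher standing in for E (a real system would use AES-GCM), XOR for the "+" in z = x + K_{i-1}, that the smart card passes the token index i to the server alongside rk_i as the record-identifying information, and constructed doctor credentials and PHR contents. The server side implements the matching and marking modules of Fig. 1 (the replay check of step 408); the terminal side implements verifier 204 of Fig. 2 (step 413).

```python
"""Toy model of the hash-chain redemption-token scheme (sections A and B).
Added example, not Philips' code. Assumed: H = SHA-256, E = toy SHA-256/HMAC
stream cipher, z = x XOR K_{i-1}, card sends the token index i with rk_i."""
import hashlib
import hmac
import secrets


def H(data: bytes) -> bytes:
    """One-way hash function H of the hash chain (SHA-256 assumed)."""
    return hashlib.sha256(data).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += H(key + nonce + counter.to_bytes(4, "big"))
        counter += 1
    return out[:length]


def E(key: bytes, plaintext: bytes) -> bytes:
    """Toy stand-in for E_K(.): nonce || ciphertext || HMAC tag. Use AES-GCM in practice."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def D(key: bytes, blob: bytes) -> bytes:
    """Inverse of E; raises ValueError if the key is wrong or the blob was modified."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication tag mismatch")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))


class PHRServer:
    def __init__(self, confirm_emergency=lambda user: True):
        self.records = {}                               # K_n (pseudo-secret) -> user state
        self.doctors = {"dr_alice": "constructed-pw"}   # constructed doctor credentials
        self.confirm_emergency = confirm_emergency      # step 409 phone-call hook

    def enrol(self, user_id: str, phr: bytes, n: int) -> dict:
        """Step 401: hash chain K_1..K_n, tokens X_2..X_n, and the data-label contents."""
        chain = [secrets.token_bytes(32)]               # K_1; chain[j-1] holds K_j
        for _ in range(n - 1):
            chain.append(H(chain[-1]))                  # K_{j+1} = H[K_j]
        X = {i: secrets.token_bytes(32) for i in range(2, n + 1)}
        ps = chain[-1]                                  # K_n, the pseudo-secret
        self.records[ps] = {"user": user_id, "phr": phr, "chain": chain, "X": X, "used": set()}
        # rk_i = E_{K_{i-1}}(X_i); the card releases them in reverse order i = n, n-1, ..., 2
        tokens = [(i, E(chain[i - 2], X[i])) for i in range(n, 1, -1)]
        return {"ps": ps, "url": "https://phr.example/emergency", "tokens": tokens}

    def emergency_access(self, doctor, password, ps, i, rk_i, x):
        """Steps 404-412 on the server side; returns (E_z(PHR), K_{i-1})."""
        if self.doctors.get(doctor) != password:                    # steps 404-405
            raise PermissionError("doctor authentication failed")
        rec = self.records.get(ps)
        if rec is None or not 2 <= i <= len(rec["chain"]):
            raise PermissionError("unknown pseudo-secret or token index")
        k_prev = rec["chain"][i - 2]                                # step 408: walk chain to K_{i-1}
        try:
            X_i = D(k_prev, rk_i)
        except ValueError:
            raise PermissionError("token does not decrypt under K_{i-1}") from None
        if X_i != rec["X"][i] or i in rec["used"]:                 # matching module + replay check
            raise PermissionError("redemption token invalid or already used")
        if not self.confirm_emergency(rec["user"]):                 # step 409
            raise PermissionError("user indicated there is no emergency")
        rec["used"].add(i)                                          # marking module (step 306)
        z = xor(x, k_prev)                                          # step 410 (XOR assumed for "+")
        return E(z, rec["phr"]), k_prev                             # steps 411-412


def chain_reaches(key: bytes, ps: bytes, max_steps: int = 1024) -> bool:
    """Verifier 204 / step 413: hash the received key until it reaches K_n = ps."""
    for _ in range(max_steps):
        key = H(key)
        if key == ps:
            return True
    return False


def doctor_terminal(server, card, doctor, password) -> bytes:
    """Steps 402-403, 406-407, 413-414 from the doctor's terminal."""
    i, rk_i = card["tokens"].pop(0)                     # step 403: card releases next token
    x = secrets.token_bytes(32)                         # step 406
    enc_phr, k_prev = server.emergency_access(doctor, password, card["ps"], i, rk_i, x)
    if not chain_reaches(k_prev, card["ps"]):           # step 413: authenticate the server
        raise ValueError("received key does not hash to the pseudo-secret")
    return D(xor(x, k_prev), enc_phr)                   # step 414


if __name__ == "__main__":
    srv = PHRServer()
    card = srv.enrol("patient-451", b"constructed PHR: blood group O-", n=4)
    print(doctor_terminal(srv, card, "dr_alice", "constructed-pw"))
```

Running the module performs one emergency session. Presenting the same (i, rk_i) pair a second time is refused because i is already marked used, while the next token on the card (index i-1) still succeeds, which is the per-session scoping the text describes; a forged or modified rk_i fails the tag check under K_{i-1}, and a K_{i-1} that does not hash forward to the pseudo-secret is rejected by the terminal before anything is decrypted.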
It will be clear that the invention also applies to computer programs, in particular computer programs on or in a carrier, adapted to put the invention into practice. The program may be in the form of source code, object code, a code intermediate between source and object code such as a partially compiled form, or any other form suitable for implementing the method according to the invention. It will also be clear that such a program may have many different architectural designs. For example, program code implementing the functionality of the method or system according to the invention may be subdivided into one or more subroutines. Many different ways of distributing the functionality among these subroutines will be apparent to the skilled person. The subroutines may be stored together in one executable file to form a self-contained program. Such an executable file may comprise computer-executable instructions, for example processor instructions and/or interpreter instructions (e.g. Java interpreter instructions). Alternatively, one or more or all of the subroutines may be stored in at least one external library file and linked with a main program either statically or dynamically, e.g. at run time. The main program contains at least one call to at least one of the subroutines. The subroutines may also contain calls to each other. An embodiment relating to a computer program comprises computer-executable instructions corresponding to each processing step of at least one of the methods set out herein. These instructions may be subdivided into subroutines and/or stored in one or more files that may be linked statically or dynamically. Another embodiment relating to a computer program comprises computer-executable instructions corresponding to each module of at least one of the systems and/or products set out herein. These instructions may be subdivided into subroutines and/or stored in one or more files that may be linked statically or dynamically.
The carrier of a computer program may be any entity or device capable of carrying the program. For example, the carrier may comprise a storage medium, such as a ROM, for example a CD ROM or a semiconductor ROM, or a magnetic recording medium, for example a flash drive or a hard disk. Further, the carrier may be a transmissible carrier such as an electrical or optical signal, which may be conveyed via electrical or optical cable or by radio or other means. When the program is embodied in such a signal, the carrier may be constituted by such cable or other device or means. Alternatively, the carrier may be an integrated circuit in which the program is embedded, the integrated circuit being adapted to perform, or to be used in the performance of, the relevant method.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design many alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. Use of the verb "comprise" and its conjugations does not exclude the presence of elements or steps other than those stated in a claim. The article "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the device claim enumerating several modules, several of these modules may be embodied by one and the same item of hardware. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.

Claims (13)

1. A server system for providing secure access to a data record, comprising:
a storage module (1) for storing a plurality of data records, a data record (2) having associated with it a secret sequence (14) shared with a hardware token (60) corresponding to that data record (2), the server system (100) further being arranged to store user verification information (3);
a user authentication module (10) for receiving a user's authentication credentials (11) from a user terminal (200) and verifying, based on the user's authentication credentials (11) and the stored verification information (3), that the user is an authorized user;
a secret receiver module (9) for receiving from the terminal a representation (13) of a secret exposed by a hardware token (60) and information identifying the data record corresponding to the hardware token;
a matching module (7) for matching the representation (13) of the secret against an unused secret (s3) of the secret sequence (14) associated with the data record (2) corresponding to the hardware token (60);
an access granting module (6) for granting the user access to at least part of the data record (2) corresponding to the hardware token (60) if the representation (13) of the secret matches the unused secret (s3) and the user has been verified as an authorized user; and
a marking module (12) for marking the unused secret (s3) as used.
2. The server system according to claim 1, wherein the server system comprises a communication module (8) for placing an automatic call or sending a message to a mobile phone or mobile terminal (50) of the individual associated with the hardware token (60) before the access granting module (6) grants the user access, and wherein the communication module (8) is arranged to enable the individual to refuse the access.
3. The server system according to claim 1, comprising an encryptor (5) for encrypting said at least part of the data record using a key based on a value received from the user terminal; and a data transmission module (4) for sending to the user terminal the encrypted data and information for computing the key from the value.
4. The server system according to claim 1, wherein the access granted to at least one of the data records is limited in time.
5. The server system according to claim 1, wherein the representation (13) of the secret comprises an encryption of the secret (s3), the encryption being based on a key, the key being part of a hash sequence, and the position of the secret in the secret sequence corresponding to the position of the key in the hash sequence.
6. The server system according to claim 5, comprising a data transmission module (4) arranged to send the key to the user terminal.
7. A hardware token (60) for use with a user terminal (200) that communicates with a server system (100) according to claim 4, wherein the hardware token (60) comprises a secret provider module (61) for providing a representation (13) of a secret, wherein the representation (13) of the secret comprises an encryption of the secret, the encryption being based on a key, the key being part of a hash sequence, the position of the secret in the secret sequence corresponding to the position of the key in the hash sequence, and the secret provider module being arranged to provide a plurality of representations in reverse sequential order.
8. The hardware token according to claim 7, comprising a verifier (62) arranged to receive the key used to generate the encryption of the secret, thereby obtaining a received key, to apply a hash function to the received key to obtain a processed key, and to compare the processed key with a stored value.
9. A user terminal (200) for use with a server system according to claim 1, comprising:
a secret receiver (205) for receiving a representation of a secret exposed by a hardware token (60) and information identifying the data record corresponding to the hardware token (60);
a credential receiver (206) for receiving a user's authentication credentials;
a transmitter (201) for sending to the server system (100) the user's authentication credentials, the representation of the secret exposed by the hardware token (60), and the information identifying the data record corresponding to the hardware token (60); and
a data receiver (202) for receiving from the server system (100) at least part of the content of the data record in encrypted form and for receiving key data from the server system (100);
a verifier (204) arranged to apply a hash function to the received key data to obtain a processed key, and to compare the processed key with a value received from the hardware token (100);
a data decryptor (203) for decrypting said at least part of the content of the data record based on the key data.
10. The user terminal according to claim 9, wherein the secret receiver module (205) comprises a token reader (207) for obtaining the representation or the information electronically from the hardware token (100).
11. A system comprising a server system (100) according to claim 1, a plurality of hardware tokens (60) according to claim 7 and a plurality of user terminals (200) according to claim 9.
12. A method of providing secure access to a data record, comprising:
storing (301) a plurality of data records and storing user verification information, a data record having associated with it a secret sequence shared with a hardware token corresponding to that data record;
receiving (302) a user's authentication credentials from a user terminal and verifying, based on the user's authentication credentials and the stored verification information, that the user is an authorized user;
receiving (303) from the terminal a representation of a secret exposed by a hardware token and information identifying the data record corresponding to the hardware token;
matching (304) the representation of the secret against an unused secret of the secret sequence associated with the data record corresponding to the hardware token;
if the representation of the secret matches the unused secret and the user has been verified as an authorized user, granting (305) the user access to at least part of the data record corresponding to the hardware token; and
marking (306) the unused secret as used.
13. A computer program comprising instructions for causing a processor system to perform the method according to claim 12.
CN201280007170.1A 2011-02-01 2012-01-30 System, method and device for secure access to personal health records in emergency situations Active CN103403730B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
EP11152826 2011-02-01
EP11152826.1 2011-02-01
PCT/IB2012/050420 WO2012104771A2 (en) 2011-02-01 2012-01-30 Secure access to personal health records in emergency situations

Publications (2)

Publication Number Publication Date
CN103403730A true CN103403730A (en) 2013-11-20
CN103403730B CN103403730B (en) 2017-04-12

Family

ID=45581947

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201280007170.1A Active CN103403730B (en) 2011-02-01 2012-01-30 System, method and device for secure access to personal health records in emergency situations

Country Status (8)

Country Link
US (1) US9092643B2 (en)
EP (1) EP2671181B1 (en)
JP (1) JP5897040B2 (en)
CN (1) CN103403730B (en)
BR (1) BR112013019236A2 (en)
RU (1) RU2602790C2 (en)
TR (1) TR201902868T4 (en)
WO (1) WO2012104771A2 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105516146A (en) * 2015-12-10 2016-04-20 惠州Tcl移动通信有限公司 Health data authorization method based on mobile terminal, and server
CN106548062A (en) * 2015-09-18 2017-03-29 三星电子株式会社 Server and user terminal
CN108886519A (en) * 2016-03-22 2018-11-23 皇家飞利浦有限公司 The cloud storage of data
CN111316278A (en) * 2017-11-03 2020-06-19 维萨国际服务协会 Secure identity and archive management system

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014206795A1 (en) * 2013-06-28 2014-12-31 Koninklijke Philips N.V. System for managing access to medical data
DE102014213454A1 (en) * 2014-07-10 2016-01-14 Siemens Aktiengesellschaft Method and system for detecting a manipulation of data records
US10171537B2 (en) * 2015-08-07 2019-01-01 At&T Intellectual Property I, L.P. Segregation of electronic personal health information
US9942747B2 (en) 2015-08-07 2018-04-10 At&T Mobility Ii Llc Dynamic utilization of services by a temporary device
CN105357107B (en) * 2015-11-18 2019-05-07 四川长虹电器股份有限公司 The social intercourse system and method for intelligent residential district based on cloud platform
US11106818B2 (en) * 2015-12-11 2021-08-31 Lifemed Id, Incorporated Patient identification systems and methods
JP7013807B2 (en) * 2017-11-15 2022-02-01 富士通株式会社 Information processing equipment, information processing systems and information processing programs
US10897354B2 (en) 2018-01-19 2021-01-19 Robert Bosch Gmbh System and method for privacy-preserving data retrieval for connected power tools
JP2019164506A (en) * 2018-03-19 2019-09-26 特定非営利活動法人日本医療ネットワーク協会 Providing system and providing program
US11146540B2 (en) * 2018-05-09 2021-10-12 Datalogic Ip Tech S.R.L. Systems and methods for public key exchange employing a peer-to-peer protocol
US11139982B2 (en) * 2019-01-30 2021-10-05 Rsa Security Llc Communication-efficient device delegation
CN113506399B (en) * 2021-06-03 2022-11-15 山西三友和智慧信息技术股份有限公司 Smart campus access control system based on artificial intelligence

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1771487A (en) * 2004-01-08 2006-05-10 三星电子株式会社 Method and apparatus for limiting number of times contents can be accessed using hashing chain
US20070078686A1 (en) * 2005-09-30 2007-04-05 International Business Machines Corporation Electronic health record transaction monitoring
CN1983317A (en) * 2005-12-15 2007-06-20 国际商业机器公司 Method and system for data scheduling
CN101803272A (en) * 2007-06-26 2010-08-11 G3视觉有限公司 Authentication system and method

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000191902A (en) 1998-12-24 2000-07-11 Mitsui Chemicals Inc Resin composition
JP2002007562A (en) 2000-06-26 2002-01-11 Nanpo Kensetsu:Kk Method and device for supporting emergency medical treatment
US7062567B2 (en) * 2000-11-06 2006-06-13 Endeavors Technology, Inc. Intelligent network streaming and execution system for conventionally coded applications
FR2841073B1 (en) 2002-06-18 2007-03-30 Patient On Line INFORMATION MANAGEMENT SYSTEM FOR EMERGENCY SITUATION
JP2006033780A (en) * 2004-07-16 2006-02-02 Third Networks Kk Network authentication system using identification by calling-back
US20070282631A1 (en) * 2005-09-08 2007-12-06 D Ambrosia Robert Matthew System and method for aggregating and providing subscriber medical information to medical units
US9137012B2 (en) * 2006-02-03 2015-09-15 Emc Corporation Wireless authentication methods and apparatus
US20070233519A1 (en) * 2006-03-29 2007-10-04 Mymedicalrecords.Com, Inc. Method and system for providing online medical records with emergency password feature
US8607044B2 (en) 2006-04-25 2013-12-10 Verisign, Inc. Privacy enhanced identity scheme using an un-linkable identifier
US9020913B2 (en) * 2007-10-25 2015-04-28 International Business Machines Corporation Real-time interactive authorization for enterprise search

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
HALLER N M: "The S/Key one-time password", URL: HTTP://WWW.CS.UTK.EDU/~DUNIGAN/CNS04/SKEY.PDF *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106548062A (en) * 2015-09-18 2017-03-29 三星电子株式会社 Server and user terminal
CN105516146A (en) * 2015-12-10 2016-04-20 惠州Tcl移动通信有限公司 Health data authorization method based on mobile terminal, and server
CN108886519A (en) * 2016-03-22 2018-11-23 皇家飞利浦有限公司 Cloud storage of data
CN108886519B (en) * 2016-03-22 2021-09-14 皇家飞利浦有限公司 Cloud storage of data
CN111316278A (en) * 2017-11-03 2020-06-19 维萨国际服务协会 Secure identity and archive management system
CN111316278B (en) * 2017-11-03 2023-10-10 维萨国际服务协会 Secure identity and profile management system
US11899820B2 (en) 2017-11-03 2024-02-13 Visa International Service Association Secure identity and profiling system

Also Published As

Publication number Publication date
WO2012104771A2 (en) 2012-08-09
JP2014508456A (en) 2014-04-03
EP2671181B1 (en) 2018-12-12
US20130318632A1 (en) 2013-11-28
JP5897040B2 (en) 2016-03-30
RU2602790C2 (en) 2016-11-20
CN103403730B (en) 2017-04-12
US9092643B2 (en) 2015-07-28
RU2013140418A (en) 2015-03-10
BR112013019236A2 (en) 2017-11-14
WO2012104771A3 (en) 2012-11-15
EP2671181A2 (en) 2013-12-11
TR201902868T4 (en) 2019-03-21

Similar Documents

Publication Publication Date Title
CN103403730A (en) Secure access to personal health records in emergency situations
US20210246824A1 (en) Method and apparatus for securing communications using multiple encryption keys
Pussewalage et al. Privacy preserving mechanisms for enforcing security and privacy requirements in E-health solutions
CN1833398B (en) Secure data parser method and system
RU2434352C2 (en) Reliable authentication method and device
CN102656591B (en) Digital rights management based on attribute-based encryption
US9165149B2 (en) Use of a mobile telecommunication device as an electronic health insurance card
CN105052072A (en) Remote authentication and transaction signatures
CN101939946A (en) Systems and methods for securing data using multi-factor or keyed dispersal
JPH10508438A (en) System and method for key escrow and data escrow encryption
CN109067528A (en) Cryptographic operation method, cryptographic service platform and device for creating a working key
CN102037474A (en) Identity-based encryption of data items for secure access thereto
KR101701304B1 (en) Method and system for managing medical data using attribute-based encryption in cloud environment
US20230259899A1 (en) Method, participant unit, transaction register and payment system for managing transaction data sets
Naresh et al. Blockchain‐based patient centric health care communication system
CN102057379B (en) Method and system for healthcare data processing
JP5582663B2 (en) Method for generating identifier, method for blocking cryptographic device, program, block system, and computer system
Thummavet et al. Privacy-preserving emergency access control for personal health records.
CN113990399A (en) Gene data sharing method and device for protecting privacy and safety
De Oliveira et al. Red Alert: break-glass protocol to access encrypted medical records in the cloud
Ibrahim et al. A secure framework for medical information exchange (MI-X) between healthcare providers
Tan et al. Secure and privacy-preserving sharing of personal health records with multi-party pre-authorization verification
Ibrahim et al. An abstract architecture design for medical information exchange
Nagaty A secured hybrid cloud architecture for mhealth care
De Decker et al. Advanced Applications for e-ID Cards in Flanders

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant